Security at BizForms

Security isn't a checkbox — it's the reason we built BizForms. Here's exactly how we protect your data and your respondents' data.

End-to-End Encryption

Storage Mode uses libsodium / Web Crypto to encrypt responses in the browser before transmission. Private keys never leave your device. BizForms cannot read encrypted responses.

Infrastructure

Hosted on Vercel (edge) and Supabase (Postgres + storage). Data at rest is AES-256 encrypted. Data in transit uses TLS 1.2+. We use row-level security at the database layer.

Access Controls

Role-based permissions (owner / admin / member) per workspace. All access is scoped to workspace membership, which is enforced at the database level, not just in application code.

Data Retention & Erasure

Configure per-field data retention windows. GDPR erasure requests are processed within 72 hours. Business plan customers get a full audit trail of erasure events.

Compliance

HIPAA Mode is available on the Business plan (BAA included). A GDPR DPA is available on the Business plan. Audit logs cover all form, user, and data management actions.

Responsible Disclosure

Found a vulnerability? Email security@bizforms.io with details. We aim to acknowledge within 24 hours and patch critical issues within 72 hours.

Report a vulnerability

If you discover a security issue in BizForms, please disclose it responsibly. We take every report seriously and will respond promptly.

Email security@bizforms.io